memory-forensics

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill includes explicit privileged commands (e.g., sudo insmod, sudo dd /dev/mem, cp /proc/kcore, osxpmem with sudo) that load kernel modules and access/modify low-level system memory, which change machine state and require escalated privileges, so it pushes the agent toward unsafe, state-modifying actions.